Security Advisory

CVE-2025-11521

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-11 03:30:52
Last updated 2026-04-08 17:34:13
Assigner Wordfence
State PUBLISHED

Description

The Astra Security Suite – Firewall & Malware Scan plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient validation of remote URLs for zip downloads and an easily guessable key in all versions up to, and including, 0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.